How to Process Form Results with PHP and a Webhook
In this tutorial, we’ll show you how to process the data submitted when a user fills out a form with PHP.
About Webhooks
A webhook is computing code that executes on your website or on the cloud whenever a form is submitted. FormSmarts triggers the code’s execution by sending an HTTP request to a callback URL you’ve set up. The code receives the form data from the request, allowing you to perform useful actions with it.
Webhook Example in PHP
The code below shows how to process a webhook in PHP. We've also created more complete webhook examples taking advantage of the FormSmarts API & Webhook Client (Python):
- How to send an SMS confirmation when someone submits a form
- A simple online election application
- A property maintenance form that sends urgent requests to Slack
<?php // parse raw POST data $form = json_decode(file_get_contents("php://input")); print($form->{'api_version'}); print($form->{'form_name'}); print($form->{'fs_ref_num'}); print($form->{'api_date'}); // get the list of fields in the order they appear on the form $fields = $form->{'fields'}; // iterate over fields foreach($fields as $field) { print($field->{'field_name'}); print($field->{'field_value'}); // form attachments have additional properties (but field_value is empty) if($field->{'field_datatype'} == 'attachment') print($field->{'attachment_url'}); } // print data type of first field print($fields[0]->{'field_datatype'}); // print payment information, if applicable if(array_key_exists('payment', $form)) { $payment = $form->{'payment'}; print($payment->{'currency'}); print($payment->{'amount'}); print($payment->{'processor_name'}); print($payment->{'transaction_id'}); } // print information passed to the context parameter, if available if(array_key_exists('form_context', $form)) { print($form->{'form_context'}->{'label'}); print($form->{'form_context'}->{'value'}); } ?>
Webhook Authentication
Before taking any actions based on the data received, you should always authenticate the webhook message to verify that the request genuinely originates from FormSmarts.How to Authenticate a Webhook Message
Webhook callbacks are digitally signed with a JSON Web Token (JWT) token. You can easily verify a request with the Webhook Authenticator for Python, the Webhook Authenticator for Node.js, a PHP module in as shown here, or a JWT libray in any other language.
FormSmarts webhook authentication relies on your Webhook Key. You will find your Webhook Key in the Security Settings of your account. Your Webhook Key is secret, don't share it with anyone.
Complete Example with Authentication
Let's now revisit the example above and add message authentication.
Downloads
You can download a copy of the PHP source for this example below. Don't forget to add your account number and Webhook Key as discussed next.FormSmarts authenticates webhook requests with a JSON Web Token (JWT). We can easily verify requests with a third-party PHP module. For this example, we use this JWT module.
The Code
First edit formsmarts_webhook_example_auth_v2_config.php and paste your FormSmarts account number and Webhook Key:
// Paste your Webhook Key below
private $formsmarts_secret_key = "m9DwEcCqDZznQ5UI10AqciRWybRkdNgwB1qEhV8h93KTEcO846jqt1N9pSeU4OkN";
The callback script (FormSmarts_Webhook_Example.php) now becomes:
<?php declare(strict_types=1); use Lcobucci\JWT\Encoding\CannotDecodeContent; use Lcobucci\JWT\Encoding\JoseEncoder; use Lcobucci\JWT\Token\InvalidTokenStructure; use Lcobucci\JWT\Token\Parser; use Lcobucci\JWT\Token\UnsupportedHeaderFound; use Lcobucci\JWT\UnencryptedToken; require 'vendor/autoload.php'; require_once("formsmarts_webhook_example_auth_v2_config.php"); $parser = new Parser(new JoseEncoder()); // Get Authorization header if (! isset($_SERVER["HTTP_AUTHORIZATION"])) { header("HTTP/1.1 401 Unauthorized"); fwrite(STDOUT, "Authorization header missing."); die(); } list($scheme, $token) = explode(" ", $_SERVER["HTTP_AUTHORIZATION"], 2); if (strcasecmp($type, "Bearer") != 0) { header("HTTP/1.1 401 Unauthorized"); fwrite(STDOUT, "Invalid Authorization header: missing Bearer token."); die(); } // Verify webhook request was sent by FormSmarts try { $token = $parser->parse($token); } catch (CannotDecodeContent | InvalidTokenStructure | UnsupportedHeaderFound $e) { header("HTTP/1.1 401 Unauthorized"); fwrite(STDOUT, "Invalid Authorization header: invalid Bearer token."); die(); } // We've established the request is really originating from FormSmarts. // We can now start to do something useful... // Note: Do NOT insert your own code before this line! // Log file for demonstration & debugging $fh = fopen('/tmp/formsmarts_webhook_call.log', 'a'); $form = json_decode(file_get_contents("php://input")); fwrite($fh, $form->{'api_version'}); fwrite($fh, $form->{'form_name'}); fwrite($fh, $form->{'fs_ref_num'}); fwrite($fh, $form->{'api_date'}); $fields = $form->{'fields'}; // iterate over all fields foreach($fields as $field) { fwrite($fh, $field->{'field_name'}); fwrite($fh, $field->{'field_value'}); if($field->{'field_datatype'} == 'attachment') { fwrite($fh, $field->{'attachment_url'}); fwrite($fh, $field->{'attachment_filename'}); } } // print value ID of first field fwrite($fh, $fields[2]->{'field_datatype'}); // print payment information, if applicable if(array_key_exists('payment', $form)) { $payment = $form->{'payment'}; fwrite($fh, $payment->{'currency'}); fwrite($fh, $payment->{'amount'}); fwrite($fh, $payment->{'processor_name'}); fwrite($fh, $payment->{'processor_txn_id'}); } // print context info, if available. if(array_key_exists('form_context', $form)) { fwrite($fh, $form->{'form_context'}->{'formsmarts_ctx_label'}); fwrite($fh, $form->{'form_context'}->{'formsmarts_ctx_value'}); } fclose($fh); ?>
Set Up the Webhook on FormSmarts
Follow the instructions in the webhook documentation to register the callback URL for the form you've created earlier.